On 5-Jun-06, at 4:43 PM, Eric Rescorla wrote:

> Sam Hartman <[EMAIL PROTECTED]> writes:
> 
>> Hi.  I want to draw your attention to RFC 4107.
>> 
>> This RFC specifies a mandatory requirement for new work in the IETF:
>> except in a small number of cases, there needs to be automated key
>> management. For example, if you have a protocol like DIX where there
>> are MACs of messages, you need a key management solution to set up
>> and maintain these keys.
> 
> As I understand DIX 16.2, the only way in which the MAC is used is for
> the Identity Agent to be able to determine that messages it has
> generated are valid. The MAC isn't verified by anyone else, and
> a MAC is just a suggested implementation anyway. I'm not sure
> how automated key management would fit in here.

Correct, and I don't think it does either.

I'm working on a draft of how an Identity Agent Application (as opposed
to an Identity Agent Website) would work. When using the DIX message
signing and signature verification method, this necessitates a collaborating
website to receive and process the verify request messages. The 'key'
then needs to be shared between the website and the application. RFC
4107 may play a part in that exchange.

John

_______________________________________________
dix mailing list
[email protected]
https://www1.ietf.org/mailman/listinfo/dix
